Install Multi-Cluster CN2 on Amazon EKS

SUMMARY: See examples of how to install multi-cluster CN2 on Amazon EKS.

In a multi-cluster deployment, CN2 is the central networking platform and CNI plug-in for multiple distributed workload clusters. The Contrail controller runs in the central cluster, and the Contrail data plane components run in the distributed workload clusters.

To install CN2 in a multi-cluster deployment, you first create the central cluster and then you attach the distributed workload clusters to the central cluster one by one.

The procedures in this section show basic examples of how you can use the provided manifests to create the specified CN2 deployment. You're not limited to the deployment described in this section nor are you limited to using the provided manifests. CN2 supports a wide range of deployments that are too numerous to cover in detail. Use the provided examples as a starting point to roll your own manifest for your specific situation.

Install Multi-Cluster CN2

Use this procedure to install CN2 in a multi-cluster deployment.

We use eksctl and YAML manifests to set up the clusters in this example.

The CN2 manifests that we use in this example procedure are amazon-eks/multi-cluster/central_cluster_deployer_example.yaml and amazon-eks/multi-cluster/central_cluster_cert-manager.yaml. The procedure assumes that you've placed these manifests into a manifests directory.

  1. Create the central cluster with no worker nodes.
    1. Create a yaml file that describes the cluster. We'll name this file eksctl-central-cluster.yaml.
      For example:

      Populate the file with your desired values:

      • name - the name you want to call the cluster

      • region - the AWS region of your cluster

      • serviceIPv4CIDR - the IP address subnet you want to assign to Kubernetes services

      • cidr - the IP address subnet you want to assign to your VPC

    2. Apply this YAML to create the central cluster (without a node group).
    3. Store the central cluster's region and VPC CIDR into variables for later use.
      For example:
    4. Store the central cluster's VPC ID into a variable for later use.
    5. Create a security group to accept traffic from future workload cluster VPCs.
      This security group is just a placeholder for now. When we start adding distributed workload clusters, we'll add rules to this security group to govern traffic from those distributed workload clusters.
  2. Install CN2 on the central cluster.
    1. Apply the central cluster manifest.
    2. Apply the central cluster cert-manager manifest.
    3. Add worker nodes to the cluster and specify the security group.
    4. Check that all pods are now up. This might take a few minutes.
    You've now created the central cluster.
  3. Follow Attach a Workload Cluster to create and attach a distributed workload cluster to this central cluster.
  4. Repeat step 3 for every distributed workload cluster you want to create and attach.
  5. (Optional) Run postflight checks. See Run Preflight and Postflight Checks.

    Run postflight checks from the central cluster only.
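
The following is an added example of steps 1 and 2 as shell functions, not the commands published with this procedure. The variable names, the security group name and description, and the `manifests/` file paths are assumptions. Step 2.3 (adding worker nodes) is left out.

```shell
#!/usr/bin/env bash
# Added example; not the vendor's published commands. Variable names, the
# security group name and the description text are assumptions.

# Step 1.1: write eksctl-central-cluster.yaml from the four values listed above.
write_central_cluster_config() {
  [ "$#" -eq 4 ] || { echo "usage: name region serviceIPv4CIDR cidr" >&2; return 1; }
  cat > eksctl-central-cluster.yaml <<EOF
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: $1
  region: $2
kubernetesNetworkConfig:
  serviceIPv4CIDR: $3
vpc:
  cidr: $4
EOF
}

# Step 1.2: the config file lists no node groups, so eksctl creates none.
create_central_cluster() {
  eksctl create cluster -f eksctl-central-cluster.yaml
}

# Steps 1.3 to 1.5: keep region, VPC CIDR and VPC ID, then create the
# placeholder security group. Arguments: cluster name, region, VPC CIDR.
prepare_central_vpc() {
  CENTRAL_REGION="$2"
  CENTRAL_VPC_CIDR="$3"
  CENTRAL_VPC_ID=$(aws eks describe-cluster --name "$1" --region "$CENTRAL_REGION" \
    --query 'cluster.resourcesVpcConfig.vpcId' --output text) || return 1
  CENTRAL_SG_ID=$(aws ec2 create-security-group --region "$CENTRAL_REGION" \
    --vpc-id "$CENTRAL_VPC_ID" --group-name workload-to-central \
    --description "Traffic from workload cluster VPCs" \
    --query 'GroupId' --output text) || return 1
}

# Steps 2.1 and 2.2: apply the two CN2 manifests from the manifests directory.
install_cn2_central() {
  kubectl apply -f manifests/central_cluster_deployer_example.yaml &&
  kubectl apply -f manifests/central_cluster_cert-manager.yaml
}

# Step 2.4: list pods in all namespaces to confirm they are up.
check_pods() { kubectl get pods -A; }
```

A security group created this way has no inbound rules, which matches the placeholder role described in step 1.5.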